Citing the potential of “unprecedented and dangerous threats to the privacy of hundreds of millions of people” from government surveillance programs, a group of leading sustainable investment firms has called upon publicly-held U.S. companies to demonstrate leadership by adopting “a pro-active, principled approach to protecting the privacy and rights of their users.”

In an open letter to companies, the investors said that while the surveillance programs “stem from a legitimate concern over terrorism and national security - a concern that we share deeply – we believe companies must, not only for commercial reasons, exercise independent, principled and critical judgment in protecting the privacy of their customers and clients consistent with international human rights norms and standards.”

The investors said participation in government surveillance programs “could pose material financial risks to the companies involved which investors are entitled to have disclosed. While providing communication services for billions of individuals around the world is both socially beneficial and a profitable business model, it also comes with very real reputational and legal risks.”

The investors expressed concern over “a worrisome ambiguity regarding the ongoing process of handing over user information to government agencies and contractors, even in a lawful context, and the long-term implications for any company that controls personally identifiable information of its customers.”

The investors said they believe corporate boards and management “must demonstrate real leadership in addressing these issues” and urged companies to take steps to:

Increase Transparency – Publicly press the U.S. government to allow public disclosure regarding the size and scope of its requests for data; publish regular transparency reports, within the limitations of law, describing the company’s responses to governmental requests for data; adopt and publish detailed policies, principles and practices regarding the company’s procedures for responding to governmental requests for data.

Fight to Protect Consumer Privacy – Require a warrant for consumer data; seek protection for user privacy in court proceedings; lobby with federal, state and local legislators and regulators for protection of users’ privacy rights and legal and regulatory reforms.

Implement Strong Privacy Rights Management – Establish responsibility for privacy at the most senior levels of the company, including the Board of Directors and appropriate committees of the board; formulate a policy to enable whistleblowers with information regarding potential privacy breaches; assess the financial risks and implications of privacy breaches and disclose them when appropriate and as required under existing SEC guidance.